Hello everyone, We have a use case where a certain group needs to be constantly verified if they have access to the email they used to sign up with, say once per week. to make sure they are still with said company that owns the domain.
so we thought it’s better to force logout once a week, force the user to log in, and send OTP to his email inbox.
but I cannot find an option for Email OTP. where to look? or what other ways to accomplish this ?
Site setting enable local logins via email controls the ability to get a login link.
You could disable all other login types to make all users use only otp.
See settings persistent sessions and maximum session age (default 1440 hours)
“User will remain logged in for n hours since last visit”.
If you want to apply these requirements only to some users you’ll need a plugin.
Yes, I saw this setting, but this does not prevent the user from using his password to log in.
which plugin ?
You would need to disable local logins.
One that is developed for this purpose. You can contact me or ask in marketplace.